Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

How Prepared Is Your Organization to Respond to A Cyber Event?

How Prepared Is Your Organization to Respond to A Cyber EventCyber Insurance & Resilient, Responsive Security Standards Needed

In our blog, we’re continually driving home the significant exposures firms of all sizes throughout all industries face when it comes to network security, data breaches and cyber crime. We cannot emphasize enough the importance of implementing resilient and secure standards and protocols to assist in mitigating risks and the need for private and network security liability insurance in the event of a breach, virus or other type of cyber incident. This protection not only will help you with the costs involved in dealing with such a loss but can also be designed to provide you with the support and financial resources to withstand a business interruption loss and help protect your reputation and brand and retain consumer confidence.

We have seen time and again household company names being hit by sophisticated – and not so sophisticated – cyber crimes. And, depending how these companies handle a breach and the resources they have in place, including insurance, directly reflects how well and fast they’re able to recover. Yet as we’ve also emphasized, it’s not just the Targets, E-Bays, and other well-known companies, financial institutions, logistic service providers, educational institutions, and healthcare facilities being targeted. It’s also many medium and small sized organizations that are vulnerable to cyber attacks – from law firms, real estate companies, and retailers to architects and engineers, physicians and dentists, and much more whose computer network can be shut down and whose employee and customer data and proprietary information is at risk.

Insurers have responded over the last several years creating cyber products that address developing and emerging risks and offer a broad range of coverages that serve those organizations with advanced needs as well as provide policies for any firm whose data can be compromised. Yet some companies are still either underinsured or even uninsured, believing their general liability insurance will respond in the event of a cyber event – leaving them exposed to a significant financial loss in the event of a cyber-related loss.

Additionally, security and protocol measures in many cases are reactive or not adequate enough to anticipate, prevent and respond to a cyber incident. A recent paper released by Zurich Insurance Company and the Atlantic Council underscores several important steps that companies should undertake to boost their approach to cyber risks. These include, among others:

  • Board-level risk management: According to the Zurich/Atlantic Council paper, two-thirds of company boards believe they are taking cyber risks seriously but have little understanding of their information assets, which third parties had access to that data, or the impact of the loss of that data. This, unfortunately, leaves companies unprepared in the event of a cyber event. The takeaway: Boards must get smarter when it comes to cyber exposures, have a much broader view of the implications and impact of an event and hold their executives accountable.
    • Redundancy: Organizations need to be resilient, especially in the face of a major event that can cause a significant disruption in one’s network. The Zurich/Atlantic Council paper recommends having redundant power and telecommunications suppliers, alternate Internet Service Providers (ISPs) connected to different peering points, and workarounds with little reliance on IT to provide alternatives during Internet disruptions. Zurich/Atlantic Council cites as an example the earthquake in East Asia, which took out nearly all the region’s undersea fiber-optic cables. One financial institution suffered hardly any loss “because it had diverse pathways for each Asia office, each connecting to two regional hubs (Tokyo and Hong Kong) through separate cables, using different cable landing stations, and different telecommunications providers.”
    • Incident response and business continuity planning: Today it’s essential that teams are trained and ready to respond when an incident occurs. “There should be standard operating procedures and teams should be held to clear goals based on metrics, such as how much time it takes to detect an incident or intrusion, how much time to eject the intruders from the system. The best teams comprehensively understand the organizations’ various business lines and most business-critical and time-sensitive information and systems.”
    • Scenario planning and exercises: The paper cites that the “best organizations examine the most likely and most dangerous cyber risks and exercise their security and response teams, as well as their corporate executives and boards, to build muscle memory for responding to incidents.” Additionally, these “organizations should seize the opportunity of each crisis to create ‘teachable moments’ for responders and executives.” A good example of this would be Target and the data security failure that occurred back in November and December, how the retailer responded and handled the data breach and the aftermath with which it’s still dealing. In this case, Target would review all that went wrong and how ill prepared it was in handling such a massive breach, the team members accountable, and what standards and protocols should be put in place.

Axis Insurance Services specializes in providing cyber liability/private and network security insurance for organizations. We work with several top-rated insurers and can customize a policy that addresses your specific needs. Please give us a call at (877) 787-5258.

Sources:  Zurich Insurance Company and the Atlantic Council

Comments

comments

Blogged on: May 27, 2014 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions